package com.gxa.zuul.util;

import com.gxa.zuul.pojo.GuaHaoYuan;
import com.gxa.zuul.pojo.YongHu;
import com.gxa.zuul.service.YongHuService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

import javax.annotation.Resource;

/**
 * @author thinknovo
 * @version 1.0
 * @description UserRealm.java
 */
public class UserRealm extends AuthorizingRealm {

    @Resource
    private YongHuService userService;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        Object principal = principals.getPrimaryPrincipal();            //获取登录的用户pojo对象
        YongHu user = (YongHu) principal;
        Integer auth = user.getAuth();
        System.out.println("AuthorizationInfo principal=" + principal + " user.getAuth()=" + user.getAuth());
        // 下面的代码逻辑是根据企业功能需求来决定
        /*
           根据不同的权限判断可访问的资源
           info.addRole("1")中的形参值，在spring_database.xml中shiroFilter进行配置

           Integer i = null;
           System.out.println(i == 1);
        */
        if(auth != null && auth == 1){
            info.addRole("1");
        }
        if(auth != null && auth == 2){
            info.addRole("2");
        }
        info.addRole("0");
        info.addRole("3");

        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        YongHu user = null;
        // 把AuthenticationToken实质为UsernamePasswordToken，直接转换即可
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
        System.out.println("usernamePasswordToken.getPrincipal"+ usernamePasswordToken.getPrincipal());

        user = userService.getUser(usernamePasswordToken.getUsername());          // 通过service查询用户名是否存在
        // shiro登陆认证，首先通过用户名去数据库获取是否存在当前用户，如果不存在用户，直接抛出异常，如果存在用户，再验证密码
        if (user == null)
            throw new UnknownAccountException("用户不存在！");
        System.out.println("doGetAuthenticationInfo guaHaoYuanXingMing=" + user.getXingMing());
        System.out.println("doGetAuthenticationInfo MiMa=" + user.getMiMa());

        //  spring_database.xml文件中已经对此UserRealm bean对象设置了加密方式和次数，固这里无需重复配置，如果xml文件中没有配置，则需要代码配置
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashAlgorithmName("MD5");                      // 加密方式，与注册一致
        hashedCredentialsMatcher.setHashIterations(11);                            // 加密次数，与注册一致
        hashedCredentialsMatcher.setStoredCredentialsHexEncoded(true);           // true是默认值，代表16机制值，如果设置false则为base64
        setCredentialsMatcher(hashedCredentialsMatcher);                           // 保存加密设置
        ByteSource credentialsSalt = ByteSource.Util.bytes(user.getXingMing());    // 以用户名为加密盐值
        String realmName = getName();                                              // 当前realm对象的name，调用父类的getName()方法即可
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, user.getMiMa(), credentialsSalt, realmName);
        // 在没有加盐的情况下，三个参数就可以进行初步的简单认证信息对象的包装
//        AuthenticationInfo info = new SimpleAuthenticationInfo(user, user.getPassword(), this.getClass().getSimpleName());
        return info;
    }
}
